From 759a9c7c0c088b1e65d22500bd66ffbae71f70ae Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Tristan=20Dani=C3=ABl=20Maat?=
Date: Fri, 13 Oct 2023 06:08:26 +0200
Subject: [PATCH] conduit: Fix acme issue letsencrypt will prod on port 80 to verify the domain. `listen` overrides `addSSL`, so none of the NixOS modules' setup will actually work. This means the conduit virtualhost never listened on port 80, and couldn't verify letsencrypt requests. How this *ever* worked is beyond me, but this commit resolves the problems (don't worry, `forceSSL` does what it says on the tin and overrides the `listen` again).
---
 configuration/services/conduit.nix | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)
diff --git a/configuration/services/conduit.nix b/configuration/services/conduit.nix
index 8257592..6c84705 100644
--- a/configuration/services/conduit.nix
+++ b/configuration/services/conduit.nix
@@ -183,6 +183,14 @@ in {
 enableACME = true;
 listen = [
+ {
+ addr = "0.0.0.0";
+ port = 80;
+ }
+ {
+ addr = "[::0]";
+ port = 80;
+ }
 {
 addr = "0.0.0.0";
 port = 443;
@@ -200,12 +208,12 @@ in {
 }
 {
 addr = "[::0]";
- port = 8488;
+ port = 8448;
 ssl = true;
 }
 ];
- addSSL = true;
+ forceSSL = true;
 extraConfig = ''
 merge_slashes off;
 access_log /var/log/nginx/${domain}/access.log upstream_time;
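Review bot: The two port-80 entries added to `listen` carry neither a comment nor an explicit `ssl` value, so a later reader can take them for stray plain-HTTP listeners and delete them, which would break certificate issuance again. I would put `# Port 80 must stay reachable for the ACME HTTP-01 challenge; an explicit listen list replaces the module's default listeners.` above the first entry and write `ssl = false;` in both, since the `forceSSL` setting in the next hunk presumably relies on that flag to tell the redirect listeners from the TLS ones. Whether the host firewall admits port 80 is not visible here and is worth confirming. The `listen` list begins and ends outside this hunk.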
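Review bot: The `8488` typo corrected here sat only in the IPv6 entry because each port is typed once per address family, and nothing in the new code prevents the same slip on the next edit. Binding the value once, e.g. `federationPort = 8448;` in the enclosing `let` (inferred from the `in {` context; the block itself is outside the hunk), and using it in both entries would remove the duplicated literal. The correction is not mentioned in the commit message, although it changes which TLS port the virtual host accepts connections on over IPv6. A short comment beside `forceSSL = true;`, such as `# non-ssl listeners serve only the ACME challenge and a redirect to HTTPS`, would record why it replaced `addSSL`, provided that matches the module's behaviour.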